Discussions on software purchasing, licences and the need for Software Asset Management (SAM), usually begins from a position of chaos. With so many day-to-day activities and pressure to complete work, deadlines to meet and a whole ream of other reasons, the purchasing of software licenses often finds its way to the end of a long list of things to do. Once the current work has been completed and the priorities have changed, purchasing a licence can easily fall by the wayside. Software remains installed for others to use and becomes a de facto part of the corporate estate without further consideration. This is one example of how unlicensed software accumulates within organisations. In essence, software licence chaos is created through a combination of ignorance, negligence and bad management.
Other factors which contribute towards allowing this to happen include:
- The lack of control over who can download and install software. Everyone having administrator permission over their own desktop is more common than people would care to admit. This, combined with unrestricted internet access, is a recipe for software to be downloaded and installed as needed without giving software licensing a second thought.
- Lack of business processes around software installations. Restricting internet access and permissions on desktops will prevent users from downloading software and installing it, but without sufficient processes in place for the management of software requirements by the business, the default position is for a business user to ask an administrator to install the software. The higher the number of problems and support activities, the higher the likelihood is of this happening automatically without thinking about software licenses.
- The lack of vendor control over software usage. There are many different ways in which vendors can implement software to exercise control over usage, however not all methods are effective. This combined with the lack of control within organisations over how software is installed and by whom, contributes significantly to the use of unlicensed software. The mechanics of licence control and the implications for users and vendors will be discussed in a later article.
Implementing control of software licenses needs to fall into the following key programmes of work:
- Tactical work to clean up the environment of unlicensed software
- Strategic implementation of systems and processes to keep software under control, in essence the implementation of a Software Asset Management system
Demonstrating that both tactical and strategic works are taking place, along with an agreement that a true-up will take place once actual usage and licence shortfalls have been determined, will often satisfy software vendors and avoid legal entanglements.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.